Protocol Profiler - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual

Configuring intrusion detection and prevention devices guide

TIP: You can jump from the Application Profiler tab to the APE rulebase editor by right-clicking an application in the left pane and selecting a policy editor option. For information about using NSM features to sort, filter, and drill down on records, see the NSM online help.

Protocol Profiler

The Protocol Profiler tab displays information about applications that are running on your network.

Table 10 on page 22 describes the protocol profiler data.

Table 10: Protocol Profiler Data

| Column | Description |
|---|---|
| Src IP | Source IP address of the session. NOTE: Profiler tracks all traffic through the IDP appliance, including traffic for hosts not in your tracked hosts list. It records a value of 73.78.69.84 for the IP address for hosts not defined in the Tracked Hosts tab, such as external hosts you would not know and therefore could not configure. |
| Dst IP | Destination IP address. NOTE: Communication between an internal host and an external host is recorded only once. For example, the device records internal host A communicating to http://ca.yahoo.com and http://edition.cnn.com as one entry in the Profiler DB. |
| User | The user associated with the session. |
| Role | The role to which the user belongs. |
| Context | Matching contexts. |
| Value | Value retrieved from matching context. |
| Src MAC | Source MAC addresses. |
| Dst MAC | Destination MAC addresses. |
| Src OUI | Source OUI. NOTE: The Organizationally Unique Identifier (OUI) value is a mapping of the first three bytes of the MAC address and the organization that owns the block of MACs. You can obtain a list of OUIs at http://standards.ieee.org/regauth/oui/oui.txt |
| Dst OUI | Destination OUI. |
| Src OS Name | Operating-system version running on the source IP. |
| Dst OS Name | Operating-system version running on the destination IP. |
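The following added example (not part of the Juniper guide or of NSM) shows how an analyst might post-process Profiler rows outside NSM: it derives the OUI from the first three bytes of each MAC address, resolves it against lines in the oui.txt "(hex)" layout, and flags rows carrying the 73.78.69.84 placeholder for hosts that are not tracked. The dictionary row layout, the function names, and the sample data are assumptions constructed for illustration.

```python
import re

# Placeholder the guide says Profiler records for hosts not in the Tracked Hosts tab.
UNTRACKED_IP = "73.78.69.84"

# Constructed sample in the "(hex)" line layout used by the IEEE oui.txt listing.
SAMPLE_OUI_TXT = """\
00-00-0C   (hex)\t\tCISCO SYSTEMS, INC.
02-AB-CD   (hex)\t\tEXAMPLE VENDOR (constructed entry)
"""

OUI_LINE = re.compile(
    r"\s*([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})\s+\(hex\)\s+(.+)")

def load_oui(text):
    """Map 'AABBCC' prefixes to organization names from oui.txt-style lines."""
    table = {}
    for line in text.splitlines():
        m = OUI_LINE.match(line)
        if m:
            table["".join(m.groups()[:3]).upper()] = m.group(4).strip()
    return table

def oui_of(mac):
    """Return the first three bytes of a MAC as 'AABBCC', or None if malformed."""
    digits = re.sub(r"[-:.]", "", mac or "")
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    return digits[:6].upper()

def annotate(record, oui_table):
    """Add vendor names and tracked-host flags to one row (hypothetical dict layout)."""
    out = dict(record)
    for side in ("Src", "Dst"):
        prefix = oui_of(record.get(f"{side} MAC"))
        out[f"{side} OUI"] = oui_table.get(prefix, "unknown") if prefix else "invalid MAC"
        out[f"{side} tracked"] = record.get(f"{side} IP") != UNTRACKED_IP
    return out

# Constructed rows using the column names from Table 10.
ROWS = [
    {"Src IP": "10.1.1.20", "Dst IP": "73.78.69.84",
     "Src MAC": "00:00:0c:12:34:56", "Dst MAC": "0000.5e00.5301"},
    {"Src IP": "73.78.69.84", "Dst IP": "10.1.1.20",
     "Src MAC": "02-AB-CD-00-00-01", "Dst MAC": "not-a-mac"},
]

if __name__ == "__main__":
    for row in ROWS:
        print(annotate(row, load_oui(SAMPLE_OUI_TXT)))
```

Rows whose tracked flag is false identify hosts that Profiler saw but that are missing from the Tracked Hosts tab, so the recorded IP address is the placeholder rather than the host's real address.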
Copyright © 2010, Juniper Networks, Inc.
